Passwords are a commonly practiced security measure that prevents unauthorized users from accessing computer systems and identifies authorized users during access. However, unauthorized users have used a variety of measures to ascertain the passwords of authorized users.
Once an unauthorized user has obtained an authorized user's password, the unauthorized user can access the computer system in the same manner as the authorized user. Often, the unauthorized user accesses the computer system for malicious purposes. The activity of the unauthorized user is generally not detected until significant damage or disruptions have occurred.
Requiring authorized users to change their passwords at regular intervals can curtail, at least to some extent, the activities of unauthorized users. However, the regular interval time period is usually several weeks or months. During this time period, an unauthorized user can cause significant damage and disruption. Even if the user changes the password daily, this may still not be effective in preventing an unauthorized user from causing significant damage and disruption during that period.
As a result, some computer systems use a time varying randomly generated password for each authorized user. The administrator of the computer system provides each authorized user with a device. The device includes a pseudo-random number generator that generates a code at relatively short time intervals, such as every minute. The computer system is also equipped to determine the pseudo-random number at a given time. When the authorized user seeks to access the computer system, the authorized user uses the code generated and displayed by the device as the password.
The foregoing provides for quickly changing passwords that are valid for short times. Accordingly, even if an unauthorized user does obtain a password, the password is valid for a very short time period. This significantly curtails the damage that an unauthorized user can do.
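The time-varying code scheme described above can be sketched as follows. This is an added example, not part of the original text: the text does not specify the device's pseudo-random number generator, so the HMAC-based derivation of RFC 6238 (TOTP) stands in for it, and the shared secret, six-digit code length, drift window, replay check and function names are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # the text: a new code "every minute"
DIGITS = 6         # assumption: length of the displayed code


def code_at(secret: bytes, unix_time: float) -> str:
    """Code shown by the device during the time step containing unix_time."""
    counter = int(unix_time) // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"


def verify(secret: bytes, submitted: str, unix_time: float,
           drift_steps: int = 1, last_used_counter: int = -1):
    """Server side: recompute the code for the current and adjacent steps.

    Returns the matched step counter (the caller stores it as
    last_used_counter so the same code cannot be replayed), or None.
    """
    now = int(unix_time) // STEP_SECONDS
    for counter in range(now - drift_steps, now + drift_steps + 1):
        if counter <= last_used_counter:
            continue  # code from this step or earlier was already accepted
        expected = code_at(secret, counter * STEP_SECONDS)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


if __name__ == "__main__":
    # Constructed sample: the shared secret from the RFC 4226 test vectors.
    secret = b"12345678901234567890"
    shown = code_at(secret, 75)            # device display at t = 75 s
    matched = verify(secret, shown, 80)    # user submits 5 s later
    print("accepted at step", matched)
    # The same code three minutes later falls outside the drift window.
    print("late reuse:", verify(secret, shown, 255))
    # Immediate replay is refused once the step has been recorded.
    print("replay:", verify(secret, shown, 80, last_used_counter=matched))
```

The drift window trades clock tolerance for lifetime: with `drift_steps=1` a captured code stays acceptable for up to about three minutes unless the server also records the last accepted step.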
Nevertheless, such computer networks can still be exposed to unauthorized users. As an additional security precaution, some computer systems also require access by authorized users from a particular client terminal. The particular client terminal is known as a secure terminal and is preferably located in a physically secured location. Accordingly, in order to gain unauthorized access to such a computer network, an unauthorized user would also have to physically breach the physical security at the secured location.
An unauthorized user can bypass the physical security at the secured location by gaining remote access to the secure terminal. Accordingly, remote access is usually cut off from the secure terminal. However, cutting off remote access to the terminal generally cuts off all communication between the secure terminal and the outside world, except between the secure terminal and the server for the computer network. This essentially reduces the secure terminal to a dedicated terminal for accessing the computer network.
Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of ordinary skill in the art through comparison of such systems with the present invention as set forth in the remainder of the present application with reference to the drawings.